One of the biggest threats to any organisation is the insider threat: an employee visiting malicious sites, drive-by downloads, uploading documents etc.; in short, any web activity that can impact the organisation. Many organisations have chosen to deploy DLP, intrusion detection and prevention systems, proxies, user behaviour analytics and other expensive tools to fight these threats, but are still failing to prevent or reduce the risk arising from this threat.
In my previous post, I mentioned that attackers are exploiting human characteristics – FEAR and CURIOSITY. An employee clicks on a picture of a cat and voilà, the system has been infected. No matter how much security awareness we provide, there will always be a risk in having an internet connection on the corporate network.
Wouldn’t it be good to have some functionality or an application that can prevent malware, arriving via a URL or when a user is visiting a site, from infecting the operating system? It can be obfuscated scripts, executables, rootkits etc. We do have a VM that we use for sandboxing, but let’s agree that not all users in your organisation know how to use it and/or even understand the impact of an infected system in a corporate network. During this search I came across a tool called “Browser in the Box” created by Sirrix AG Technologies.
Browser in the Box provides a virtual environment with a web browser encapsulated in it. Therefore, when an employee is surfing the internet through this browser, any suspicious/malicious files from the internet will stay in this virtual environment and will not reach the actual host operating system. All browsing activity is isolated completely from the host operating system. “Browser in the Box” also prevents any uploading of files to the internet, which suggests that the confidentiality and integrity of the organisation’s data are not compromised. Please note, the application is not a virtual machine (one can think that there is malware that identifies a VM and will not execute); it’s a virtual environment similar to Windows XP Mode. I will try and test whether this is actually true.
The system was initially developed by Sirrix on behalf of the German Federal Office for Information Security. Currently the solution is open to the public.